0

Trying to setup Postfix to run chrooted. Only bit of info on this comes from the man page which simply says to follow the instructions in master.cf. master.cf is self explanatory, just set 'y' in the chroot column. BUT NO, it still doesn't work.

# pgrep master
12661
# ls -lh /proc/12661/root
lrwxrwxrwx 1 root root 0 Feb 23 22:03 /proc/12661/root -> /

Still points to my root! This means it still reads user related info (local_recipient_maps for example) from /etc/passwd, which I do not want to. I want to use a separate passwd file in the chroot. I tried setting:

local_recipient_maps = $maps
maps=/var/spool/postfix/etc/passwd

but still nothing. It still reads from /etc/passwd.
Chroot env is set in /var/spool/postfix and all needed files and libs are there.

master.cf:

smtp      inet  n       -       y       -       -       smtpd
smtpd     pass  -       -       y       -       -       smtpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       y       300     1       qmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       y       -       -       proxymap
proxywrite unix -       -       y       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       y       -       -       local
virtual   unix  -       n       y       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache

postconf -n:

command_directory = /var/spool/postfix/usr/sbin
config_directory = /var/spool/postfix/etc/postfix
daemon_directory = /var/spool/postfix/usr/libexec/postfix
data_directory = /var/spool/postfix/var/lib/postfix
debug_peer_level = 2
default_privs = nobody
header_checks = regexp:/var/spool/postfix/etc/postfix/header_checks
html_directory = no
inet_interfaces = loopback-only
inet_protocols = ipv4
local_recipient_maps = $maps
mail_owner = postfix
mailq_path = /var/spool/postfix/usr/bin/mailq
manpage_directory = /usr/local/man
maps = /var/spool/postfix/etc/passwd
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 127.0.0.0/8
newaliases_path = /var/spool/postfix/usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /var/spool/postfix/etc/postfix
sendmail_path = /var/spool/postfix/usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name
unknown_local_recipient_reject_code = 550
w00t
  • 1,134
  • 3
  • 16
  • 35
  • Perhaps there is another procedure you could use if you could quickly and concisely describe the problem you are trying to solve. – mdpc Feb 21 '13 at 21:40
  • Trying to make Postfix read users (nobody) and groups (postfix,postdrop) from the passwd file inside the chroot, instead of the system /etc/passwd. – w00t Feb 22 '13 at 10:52

1 Answers1

5

The master process will not run chrooted, since it spawns all the other services that actually do the work. Check the roots of the various spawned services (like qmgr).

The purpose of chroot (in the master.cf) is to limit the damage that might be caused by exploit, not to present postfix with a different set of information. If you want to present postfix with a different set of users, maybe look at http://www.postfix.org/VIRTUAL_README.html or perhaps prepare a full chroot to start the initial postfix process in manually.

slushpupie
  • 216
  • 1
  • 2
  • http://www.postfix.org/proxymap.8.html - they say use "local_recipient_maps=proxy:unix:passwd.byname $alias_maps" because "it is not practical to maintain a copy of the passwd file in the chroot jail.". I want the exact opposite, it would be perfectly practical to me, lol. – w00t Feb 25 '13 at 12:03
  • I guess what Im suggesting is instead of trying to use any form of unix:passwd.byname go with one of the virtual solutions. Again, the Postfix chroot functionality was not designed with presenting different information in mind, it was designed to limit access to the system. Is there a reason one of the virtual options wouldn't work for you? – slushpupie Feb 25 '13 at 15:37
  • 1
    It would not have worked because I'm running each Apache virtual host under a separate user, and I want all users to be denied from reading /etc and other places. But PHP scripts using mail() function called sendmail, which errored out because it couldn't read /etc/passwd. I ended up using MSMTP instead of sendmail. @php.ini: sendmail_path="/bin/msmtp --host=127.0.0.1 --port=25 -f mailer@localhost -t" – w00t Feb 25 '13 at 22:04